package com.kim.authorization.server.config.extend;

import com.kim.authorization.server.config.util.AuthProperties;
import com.kim.authorization.server.service.UserAccountService;
import com.kim.oauth.common.constants.Oauth2ExceptionEnum;
import com.kim.oauth.common.model.UserAccount;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.stereotype.Component;

/**
 * 刷新token鉴权
 */
@Component
public class RefreshTokenAuthenticator extends AbstractPrepareIntegrationAuthenticator {

    /**
     * 刷新token
     */
    private final static String AUTH_TYPE = "refresh_token";

    /**
     * 用户账户Service
     */
    private final UserAccountService userAccountService;

    public RefreshTokenAuthenticator(UserAccountService userAccountService) {
        this.userAccountService = userAccountService;
    }

    /**
     * 刷新token时进行认证
     * <p>为获取Authentication 对象.</p>
     *
     * @param entity 集成认证实体
     */
    @Override
    public UserAccount authenticate(IntegrationAuthenticationEntity entity) {
        // 获取用户名
        String username = entity.getAuthParameter(AuthProperties.USERNAME_PARAMETER_NAME);

        // 用户名为空
        if (username == null) {
            throw new OAuth2Exception(Oauth2ExceptionEnum.USERNAME_NULL.getMsg());
        }
        // 根据用户名查询用户账户
        UserAccount userAccount = userAccountService.selectByUserName(username);
        if (null == userAccount) {
            throw new OAuth2Exception(Oauth2ExceptionEnum.USER_NOT_FOUND.getMsg());
        }
        // 验证用户可用性
        userAccountService.validateUser(userAccount);

        // 组合用户账户对象与角色权限
        return userAccountService.composeUserAccountAndAuthority(userAccount);
    }

    /**
     * 刷新token方式
     * {@inheritDoc}
     */
    @Override
    public boolean support(IntegrationAuthenticationEntity entity) {
        return AUTH_TYPE.equals(entity.getAuthType());
    }
}
